Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

wrapper php


Recommended Posts

Wrapper.php for OsCommerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Often from my admin/whosonline I can see things like: /shop/wrapper.php?file=http://site.xx/images?

Can't understand what's happening, what's the trick, what I loose and what they can gain from this.

Anybody knows hot to fix it?

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...